Previously Alan DeKok wrote:
Carolin Latze wrote:
I was searching for some time now and I found a lot of messages from people who wanted to replace the OpenSSL dependencies in FreeRADIUS with GnuTLS. But so far it seems, that nobody really did that, is that right? Or has there been work on that and it failed for some reason? To be honest I have absolutely no idea how complicated that will be but at least I don't expect it to be easy. :)
It's hard. The GNUTLS stuff contains wrappers for OpenSSL. However, they also got a number of things in their API wrong. (From what I recall about the last time I checked). This made using GnuTLS difficult.
I've also seen a lot of timeout-related problems with MTAs compiled to use GNUTLS. Given the choice I'ld recommend everyone to use OpenSSL Wichert. -- Wichert Akkerman <wichert@wiggy.net> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple.